Starting with version 2.5, TightVNC installer comes in the form of MSI packages. MSI format is 
used by the standard Windows Installer and allows installing software both interactively and in 
automated silent mode. 


Interactive installation is simple and does not differ from the standard way you install the software: 
open the MSI file in Explorer and follow the conventional installation wizard. Automated 
installation needs more explanation and this is what this document is about. 


System Requirements 


System requirements are simple. TightVNC runs on any type of Windows, starting with Windows 
2000 with the latest Service Pack. It works fine on Windows 7 and even on the Beta version of 
Windows 8 (as available in summer 2012). Both x86 (32-bit) and x64 (64-bit) systems are 
supported. TightVNC uses very little disk space and can be used on systems with little main 
memory (RAM) so we don't list any minimal recommendations — it should fit any system, provided 
that Windows itself works fine on it. 


Choosing the Right Package 


First of all, we need to say that there are two MSI packages of TightVNC, 64-bit and 32-bit. The file 
names look like this (where 2.5.2 is a version number): 


• tightvnc-2.5.2-setup-32bit.msi
• tightvnc-2.5.2-setup-64bit.msi


Choose the one matching your system type. If you run a 32-bit version of Windows (x86 
architecture), you can only install the 32-bit version of TightVNC. If your system is 64-bit (x64 
architecture), you should install the 64-bit version. While the 32-bit version might work on a 64-bit 
machine, that can result in poor performance. 


Installing Silently 


To install an MSI package silently from the command line, you should run the msiexec tool with the /i 
and /quiet options (where /i stands for install, /quiet sets silent mode). For TightVNC, it is a 
good idea to add the /norestart option, to prevent rebooting the system after installing the software. 
If everything is good, TightVNC installation should not require a restart even if its previous version is 
running as a service. The installer should upgrade the system correctly, by shutting down the old 
service, installing the files and then starting the new service. 


Here is the simplest example of installing TightVNC in silent mode:

    msiexec /i tightvnc-2.5.2-setup-64bit.msi /quiet /norestart


This command should install TightVNC with default settings. However, MSI allows you to 
customize installation via so-called MSI properties. The general syntax is the following:

    msiexec /i tightvnc-2.5.2-setup-64bit.msi /quiet /norestart PROPERTY1=value1 PROPERTY2=value2 PROPERTY3=value3


There are a number of standard properties which are supported by every package (e.g. ADDLOCAL 
for selecting components to be installed). Also, each package can add its own MSI properties to 
perform some package-dependent customization. In the next sections, all TightVNC-specific MSI 
properties are documented. 


Choosing the Components to Install 


If you would like to install a specific component of TightVNC, use the standard MSI property 
named ADDLOCAL. The following three commands install only the server part, only the client part 
and both parts, respectively:

    msiexec /i tightvnc-2.5.2-setup-64bit.msi /quiet /norestart ADDLOCAL=Server

    msiexec /i tightvnc-2.5.2-setup-64bit.msi /quiet /norestart ADDLOCAL=Viewer

    msiexec /i tightvnc-2.5.2-setup-64bit.msi /quiet /norestart ADDLOCAL="Server,Viewer"


Properties, Part 1: Installation Options 


All available installation options listed below work only in the silent mode (with /quiet option). 


Properties which are related to the TightVNC Viewer installation configuration begin with the 
VIEWER_ prefix, and server installation properties begin with the SERVER_ prefix. Notice that a 
property will have an effect only if you install the component associated with it. 


| Property | Value |
|---|---|
| VIEWER_ASSOCIATE_VNC_EXTENSION | 0 — do not associate the ".vnc" file extension with tvnviewer.exe; 1 — associate the ".vnc" file extension with tvnviewer.exe. Default value: 1. |
| SERVER_REGISTER_AS_SERVICE | 0 — do not register the server as a service; 1 — register the server as a service. Default value: 1. |
| SERVER_ADD_FIREWALL_EXCEPTION | 0 — do not add firewall exception for the TightVNC Server; 1 — add firewall exception for the TightVNC Server. Default value: 1. |
| VIEWER_ADD_FIREWALL_EXCEPTION | 0 — do not add firewall exception for the TightVNC Viewer; 1 — add firewall exception for the TightVNC Viewer. Default value: 1. |
| SERVER_ALLOW_SAS | 0 — do not allow generating the "Ctrl+Alt+Del" combination (also known as SAS) programmatically; 1 — allow generating the "Ctrl+Alt+Del" combination programmatically. Default value: 1. |

Table 1: Installation options 


Properties, Part 2: TightVNC Server Configuration (Service Mode) 


You can preconfigure your TightVNC Server during installation by specifying configuration-related 
properties on the command line. This affects service mode only; it does not alter the settings 
of the application-mode TightVNC Server. 


Each configuration option (e.g. ALLOWLOOPBACK) is controlled via a pair of MSI properties 
with different prefixes (SET_ALLOWLOOPBACK and VALUE_OF_ALLOWLOOPBACK in this 
example). 


SET_* properties control if the respective option should be modified. They accept the following 
values: 

• 1 — set the configuration option (you should provide the corresponding VALUE_OF_* property);
• 0 — do not change the option;
• -1 — remove the option from the server configuration (this should result in resetting the 
  option to its default value). 


VALUE_OF_* properties provide actual values for the configuration options, but they take effect 
only if the corresponding SET_* properties have been set to 1. Thus, to set each individual 
configuration option XXX, you must specify both SET_XXX and VALUE_OF_XXX properties. For 
example, to disable incoming connections in your newly installed server, you should install 
TightVNC with a command like this: 

    msiexec.exe /i tightvnc-2.5.2-setup-64bit.msi /quiet /norestart SET_ACCEPTRFBCONNECTIONS=1 VALUE_OF_ACCEPTRFBCONNECTIONS=0
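
The SET_/VALUE_OF_ pairing described above, as an added Python example (not part of the TightVNC documentation): it generates the property list for all three SET_* states and quotes values for msiexec. The function names and the RESET sentinel are hypothetical.

```python
import re

# Added example: function names and the RESET sentinel are hypothetical.
# The SET_/VALUE_OF_ scheme and the msiexec switches come from this page.
RESET = object()  # request SET_<OPTION>=-1 (remove option, restore default)


def quote_value(value):
    """Quote a property value: PROPERTY="text", embedded quotes doubled."""
    text = str(value)
    if text == "" or re.search(r'[\s"]', text):
        return '"' + text.replace('"', '""') + '"'
    return text


def tightvnc_properties(options):
    """Map {OPTION: value} to MSI property strings.

    RESET       -> SET_<OPTION>=-1
    other value -> SET_<OPTION>=1 VALUE_OF_<OPTION>=<value>
    Options missing from the dict are not mentioned, so they stay unchanged
    (equivalent to SET_<OPTION>=0).
    """
    props = []
    for name, value in options.items():
        if not re.fullmatch(r"[A-Z]+", name):
            raise ValueError(f"not an option name: {name!r}")
        if value is RESET:
            props.append(f"SET_{name}=-1")
            continue
        if isinstance(value, bool):
            value = int(value)  # True/False -> 1/0
        props += [f"SET_{name}=1", f"VALUE_OF_{name}={quote_value(value)}"]
    return props


def silent_install_command(msi, options):
    """Build the complete silent-install command line as one string."""
    head = ["msiexec.exe", "/i", quote_value(msi), "/quiet", "/norestart"]
    return " ".join(head + tightvnc_properties(options))


if __name__ == "__main__":
    print(silent_install_command(
        "tightvnc-2.5.2-setup-64bit.msi",
        {"ACCEPTRFBCONNECTIONS": False, "ALLOWLOOPBACK": RESET},
    ))
```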


Here is a list of all server options configurable via MSI properties: 


| MSI Property Names | Option Value (for VALUE_* Properties) | Configuration Window |
|---|---|---|
| SET_ACCEPTHTTPCONNECTIONS, VALUE_OF_ACCEPTHTTPCONNECTIONS | Enables Java Viewer (on HTTP connections): 0 — do not serve Java Viewer to Web clients; 1 — serve Java Viewer to Web clients. Default value: 1. | Server/Web Access |
| SET_ACCEPTRFBCONNECTIONS, VALUE_OF_ACCEPTRFBCONNECTIONS | 0 — do not accept incoming connections; 1 — accept incoming connections. Default value: 1. | Server/Incoming Viewer Connections |
| SET_ALLOWLOOPBACK, VALUE_OF_ALLOWLOOPBACK | 0 — do not allow loopback connections; 1 — allow loopback connections. Default value: 0. | Access Control/Loopback connections |
| SET_ALWAYSSHARED, VALUE_OF_ALWAYSSHARED | Defines server behavior on a new connection: 0 — allow non-shared connections; 1 — always treat new connections as shared. Default value: 0. If both ALWAYSSHARED and NEVERSHARED are false, the type of connection is determined by client settings. Note: this option is described further in the section "Properties, Part 3: Server Behavior on New Connections". | Administration/Session Sharing |
| SET_BLOCKLOCALINPUT, VALUE_OF_BLOCKLOCALINPUT | 0 — allow local input during client sessions; 1 — block local input during client sessions. Default value: 0. | Server/Web Access |
| SET_BLOCKREMOTEINPUT, VALUE_OF_BLOCKREMOTEINPUT | 0 — allow remote input events; 1 — block remote input events. Default value: 0. | Server/Input Handling |
| SET_DISCONNECTACTION, VALUE_OF_DISCONNECTACTION | Defines an action that will be performed when the last client disconnects: 0 — do nothing; 1 — lock desktop; 2 — log off current user. Default value: 0. | Administration/When Last Client Disconnects |
| SET_DISCONNECTCLIENTS, VALUE_OF_DISCONNECTCLIENTS | Defines server behavior on a new connection: 0 — disconnect existing clients on new non-shared connection; 1 — block new non-shared connection if someone is already connected. Default value: 1. DISCONNECTCLIENTS does not work if ALWAYSSHARED is set to 1. Note: this option is described further in the section "Properties, Part 3: Server Behavior on New Connections". | Administration/Session Sharing |
| SET_EXTRAPORTS, VALUE_OF_EXTRAPORTS | Mapping of additional listening TCP ports to selected screen area. Type: string in format "PORT:WIDTHxHEIGHT+LEFT+TOP". For example: "5901:1280x1024+0+0,5902:1280x1080+1280+0". Default value: "". | Extra ports/Extra ports |
| SET_GRABTRANSPARENTWINDOWS, VALUE_OF_GRABTRANSPARENTWINDOWS | 0 — do not grab transparent windows; 1 — grab transparent windows. Default value: 0. | Server/Update Handling |
| SET_HTTPPORT, VALUE_OF_HTTPPORT | Web access port. Type: DWORD. Default value: 5800. | Server/Web Access |
| SET_IPACCESSCONTROL, VALUE_OF_IPACCESSCONTROL | Set rules for IP ranges. Type: string in format "IP1-IP2:{0\|1\|2}", where: 0 — allow connections; 1 — deny connections; 2 — set query action. For example: "0.0.0.0-255.255.255.255:2" — set the query action for all incoming connections. Default value: "". | Access Control/Rules |
| SET_LOCALINPUTPRIORITY, VALUE_OF_LOCALINPUTPRIORITY | 0 — allow remote input on local activity; 1 — block remote input on local activity. Default value: 0. | Server/Input Handling |
| SET_LOCALINPUTPRIORITYTIMEOUT, VALUE_OF_LOCALINPUTPRIORITYTIMEOUT | Changes the inactivity time (in seconds) used by the option "Block remote input on local activity". Type: DWORD. Default value: 3. | Server/Input Handling |
| SET_LOGLEVEL, VALUE_OF_LOGLEVEL | Log verbosity level. Value range: 0-9 (0 — disable logging). Default value: 0. | Administration/Logging |
| SET_LOOPBACKONLY, VALUE_OF_LOOPBACKONLY | 0 — allow; 1 — allow only loopback connections. Default value: 0. | Access Control/Loopback Connections |
| SET_NEVERSHARED, VALUE_OF_NEVERSHARED | Defines server behavior on a new connection: 0 — allow shared connections; 1 — never treat new connection as shared. Default value: 0. If both ALWAYSSHARED and NEVERSHARED are false, the type of connection is determined by the client's setting. Note: this option is described further in the section "Properties, Part 3: Server Behavior on New Connections". | Administration/Session Sharing |
| SET_POLLINGINTERVAL, VALUE_OF_POLLINGINTERVAL | Screen polling cycle time (in milliseconds). Type: DWORD. Default value: 1000. | Server/Update Handling |
| SET_QUERYACCEPTONTIMEOUT, VALUE_OF_QUERYACCEPTONTIMEOUT | The setting is effective only for IP addresses with access rule action "Query local user": 0 — accept connection on timeout; 1 — reject connection on timeout. Default value: 0. | Access Control/Query Settings |
| SET_QUERYTIMEOUT, VALUE_OF_QUERYTIMEOUT | Query timeout (in seconds). Type: DWORD. Default value: 30. | Access Control/Query Settings |
| SET_REMOVEWALLPAPER, VALUE_OF_REMOVEWALLPAPER | 0 — show wallpaper; 1 — hide desktop wallpaper. Default value: 1. | Server/Miscellaneous |
| SET_RFBPORT, VALUE_OF_RFBPORT | Main server port. Type: DWORD. Default value: 5900. | Server/Incoming Viewer Connections |
| SET_RUNCONTROLINTERFACE, VALUE_OF_RUNCONTROLINTERFACE | 0 — do not show service icon in the notification area; 1 — show service icon in the notification area. Default value: 1. | Server/Miscellaneous |
| SET_SAVELOGTOALLUSERSPATH, VALUE_OF_SAVELOGTOALLUSERSPATH | 0 — make log file private for each user; 1 — make log file available to all users. Default value: 0. | Administration/Logging |

Table 2: Server configuration options 


Properties, Part 3: Server Behavior on New Connections 


Server behavior and connection types are controlled by the ALWAYSSHARED, NEVERSHARED and 
DISCONNECTCLIENTS options and their combinations. The meaningful combinations are shown 
in the following table. 

| ALWAYSSHARED | NEVERSHARED | DISCONNECTCLIENTS | Description |
|---|---|---|---|
| 0 | 0 | 0 | Block new non-shared connection if someone is already connected |
| 0 | 0 | 1 | Disconnect existing clients on new non-shared connection |
| 0 | 1 | 0 | Never treat connections as shared, disable new clients if there is one already |
| 0 | 1 | 1 | Never treat connections as shared, disconnect existing client on new connections |
| 1 | 0 | 0, 1 (not significant) | Always treat connection as shared, add new clients and keep old connections |

Table 3: Server session sharing options 


In the first two examples the resulting connection type is determined by the client setting (the check 
box "Request shared session" in the "Connection options" window). In the remaining cases that 
client setting is ignored. 


Properties, Part 4: Password Protection (Service Mode) 


The server settings in Table 2 work in any installation mode, but there are some server options 
concerned with password settings which are effective only during silent installation. 


To protect your TightVNC Server, you can set passwords for the control interface and for VNC client 
authentication. The settings responsible for enabling authentication are 
USECONTROLAUTHENTICATION and USEVNCAUTHENTICATION. 


If the USECONTROLAUTHENTICATION option is set to 1, the server will require authentication 
for most control operations. The USEVNCAUTHENTICATION option is responsible for 
requiring VNC authentication of incoming connections, which can have view-only or full-control 
access type. You can set passwords for both of them. 


To add a password, first set the corresponding "use authentication" property to 1 and then 
add the necessary passwords. All available password options are presented in Table 4. Do not forget 
to use the SET_/VALUE_OF_ pair. 


| MSI Property Names | Option Value (for VALUE_* Properties) | Configuration Window |
|---|---|---|
| SET_USECONTROLAUTHENTICATION, VALUE_OF_USECONTROLAUTHENTICATION | 0 — do not protect control operations with an administrative password; 1 — protect control operations with an administrative password. Default value: 0. | Administration/Control Interface |
| SET_USEVNCAUTHENTICATION, VALUE_OF_USEVNCAUTHENTICATION | 0 — do not require VNC authentication on establishing connection; 1 — require VNC authentication on establishing connection. Default value: 1. | Server/Incoming Viewer Connections |
| SET_CONTROLPASSWORD, VALUE_OF_CONTROLPASSWORD | Password required to run the server control interface. Type: string. Default value: "". Requires USECONTROLAUTHENTICATION to be set to 1. | [Administration/Control Interface] Password |
| SET_PASSWORD, VALUE_OF_PASSWORD | Password used as primary for incoming connections. Type: string. Default value: "". Requires USEVNCAUTHENTICATION to be set to 1. | [Server/Incoming Viewer Connections] Primary password |
| SET_VIEWONLYPASSWORD, VALUE_OF_VIEWONLYPASSWORD | Password used as "view-only" for incoming connections. Type: string. Default value: "". Requires USEVNCAUTHENTICATION to be set to 1. | [Server/Incoming Viewer Connections] View-only password |

Table 4: Password protection options 


The specific examples of setting passwords are considered in the next section. 


Sample Command Line to Preset All Passwords 


Here we explore specific examples of setting passwords with MSI properties. 


To set a main password for VNC authentication, you should use the following properties: 

    SET_USEVNCAUTHENTICATION=1 VALUE_OF_USEVNCAUTHENTICATION=1
    SET_PASSWORD=1 VALUE_OF_PASSWORD=PASS


You can also set a view-only password: 

    SET_VIEWONLYPASSWORD=1 VALUE_OF_VIEWONLYPASSWORD=VIEWPASS


And if you would like to configure the administrative password (protect the user interface of the 
TightVNC Server), set the following values as well: 

    SET_USECONTROLAUTHENTICATION=1 VALUE_OF_USECONTROLAUTHENTICATION=1
    SET_CONTROLPASSWORD=1 VALUE_OF_CONTROLPASSWORD=ADMNPASS


Finally, let's set all the passwords in one command line: 

    msiexec.exe /i tightvnc-2.5.2-setup-64bit.msi /quiet /norestart SET_USEVNCAUTHENTICATION=1 VALUE_OF_USEVNCAUTHENTICATION=1 SET_PASSWORD=1 VALUE_OF_PASSWORD=mainpass SET_VIEWONLYPASSWORD=1 VALUE_OF_VIEWONLYPASSWORD=viewpass SET_USECONTROLAUTHENTICATION=1 VALUE_OF_USECONTROLAUTHENTICATION=1 SET_CONTROLPASSWORD=1 VALUE_OF_CONTROLPASSWORD=admpass
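
A pre-deployment check for the password rules in this section, as an added Python example (not TightVNC code): it flags passwords whose authentication switch is not enabled and broken SET_/VALUE_OF_ pairs, and masks password values for logging, since they sit in clear text on the command line. Function names are hypothetical; options that are not set are assumed to hold the documented defaults (fresh install).

```python
import re

# Added example; function names are hypothetical. Unset options are assumed
# to hold the defaults from Tables 2 and 4 (fresh install).
VALUE = r'("(?:[^"]|"")*"|\S*)'
PROP = re.compile(r"\b([A-Z_]+)=" + VALUE)
# password option -> (authentication switch it requires, that switch's default)
NEEDS = {
    "PASSWORD": ("USEVNCAUTHENTICATION", "1"),
    "VIEWONLYPASSWORD": ("USEVNCAUTHENTICATION", "1"),
    "CONTROLPASSWORD": ("USECONTROLAUTHENTICATION", "0"),
}


def effective(props, option, default=None):
    """Value an option ends up with, honouring its SET_ gate."""
    if props.get(f"SET_{option}") == "1":
        return props.get(f"VALUE_OF_{option}")
    return default


def audit(cmdline):
    """Return a list of findings for one msiexec command line."""
    props = {k: v.strip('"') for k, v in PROP.findall(cmdline)}
    findings = []
    if "/quiet" not in cmdline.lower().split():
        findings.append("no /quiet: password and installation options are ignored")
    for key, value in props.items():
        if key.startswith("SET_") and value == "1" and f"VALUE_OF_{key[4:]}" not in props:
            findings.append(f"{key}=1 without VALUE_OF_{key[4:]}")
        if key.startswith("VALUE_OF_") and props.get(f"SET_{key[9:]}") != "1":
            findings.append(f"{key} has no effect: SET_{key[9:]} is not 1")
    for option, (switch, default) in NEEDS.items():
        if effective(props, option) is not None and effective(props, switch, default) != "1":
            findings.append(f"{option} is set but {switch} is not 1")
    if (effective(props, "USEVNCAUTHENTICATION", "1") == "0"
            and effective(props, "ACCEPTRFBCONNECTIONS", "1") == "1"):
        findings.append("incoming connections accepted without VNC authentication")
    return findings


def redact(cmdline):
    """Mask password values before the command is written to a log."""
    secret = r"\b(VALUE_OF_(?:%s))=" % "|".join(NEEDS)
    return re.sub(secret + VALUE, r"\1=***", cmdline)
```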


